Logwatch
Logwatch compiles various logs together and delivers them as a daily report by email. It is a useful tool for detecting unauthorized access and problems, and for monitoring servers.
①Install
# apt -y install logwatch
②Copy the default configuration file
# cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/
➂Change email address, etc.
# vi /etc/logwatch/conf/logwatch.conf
●Around line 52: insert “#” at the beginning of the “MailTo = root” line and set the email address that should receive notifications on the line below it.
#MailTo = root
MailTo = [Mail Address]
●Around line 85: set the level of detail for log notifications.
#Detail = Low
Detail = High
④Creating Directories
# mkdir /var/cache/logwatch
⑤Confirmation of Operation
When logwatch is installed, a daily cron job is registered by default, so the report mail is delivered every day.
Test if the report is delivered to the address you set.
# /etc/cron.daily/00logwatch
Chkrootkit
chkrootkit is a tool to detect the presence of rootkits.
Note that chkrootkit results are meaningless once the system has already been tampered with, so take this into account when introducing it. In addition, chkrootkit has no function to deal with a rootkit automatically even if it detects one, so a detection must be handled manually.
①Install chkrootkit
# apt -y install chkrootkit
➁Check chkrootkit
# chkrootkit | grep INFECTED
If nothing is displayed, there is no problem.
Create chkrootkit periodic execution script and change permissions
The package automatically creates /etc/cron.daily/chkrootkit, based on /usr/sbin/chkrootkit-daily, and it runs automatically every day, so no script creation is required.
Disk Usage Check Script
1. Scripting
# cd /opt/script/
# vi disk_capacity_check.sh
Contents of disk_capacity_check.sh
#!/bin/bash
# Email address for notification
MAIL="<your mailaddress>"
# Use% of the root filesystem, digits only
DVAL=$(/bin/df / | /usr/bin/tail -1 | /bin/sed 's/^.* \([0-9]*\)%.*$/\1/')
if [ "$DVAL" -gt 80 ]; then
    echo "Disk usage alert: $DVAL %" | mail -s "Disk Space Alert in $(hostname)" "$MAIL"
fi
# chmod 700 disk_capacity_check.sh
2. Execution check
①Check current usage
# df -h
It appears as follows
Filesystem      Size  Used Avail Use% Mounted on
udev            1.9G     0  1.9G   0% /dev
tmpfs           389M  752K  388M   1% /run
/dev/sda1        19G  2.5G   16G  14% /
tmpfs           1.9G     0  1.9G   0% /dev/shm
tmpfs           5.0M     0  5.0M   0% /run/lock
tmpfs           389M     0  389M   0% /run/user/1000
②Create a dummy file (in the example, it is called "dummyfile" and is about 15G) so that the utilization is 80% or more.
# dd if=/dev/zero of=dummyfile bs=1M count=15000
③Check again
# df -h
Run it and make sure it is above 80%.
④Run disk space check script
# /opt/script/disk_capacity_check.sh
You will receive an e-mail at the address you have set, with a message body such as "Disk usage alert: 98 %".
⑤Delete the "dummyfile" you created.
# rm dummyfile
⑥Periodic Execution Setting
# crontab -e
30 2 * * * /opt/script/disk_capacity_check.sh
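The disk usage check above, generalized to every mounted filesystem, as an added example that is not part of the original page. It goes beyond the original by parsing `df -P` output for all mounts instead of only `/`; the function names, the `--check` argument and the sample data are assumptions made for illustration.

```bash
#!/bin/bash
# Added example, not the page's own script.
MAIL="<your mailaddress>"   # placeholder, as in the script above
THRESHOLD=80                # same limit as the original script

# Read `df -P` output on stdin and print "<use%> <mount point>" for every
# filesystem whose usage is above the limit passed as $1.
# -P keeps each entry on a single line, so long device names cannot
# shift the columns the way they can in plain `df` output.
over_threshold() {
    awk -v limit="$1" '
        NR == 1 { next }                     # skip the header row
        {
            use = $5; sub(/%$/, "", use)     # "98%" -> "98"
            if (use !~ /^[0-9]+$/) next      # skip rows without a numeric Use%
            mount = $6                       # mount points may contain spaces
            for (i = 7; i <= NF; i++) mount = mount " " $i
            if (use + 0 > limit + 0) print use, mount
        }'
}

# Constructed sample input (not real output), handy for a dry run:
#   sample_df | over_threshold 80
sample_df() {
    cat <<'EOF'
Filesystem     1024-blocks     Used Available Capacity Mounted on
udev               1992294        0   1992294       0% /dev
/dev/sda1         19923200 19524736    398464      98% /
/dev/sdb1         10485760  8493466   1992294      81% /var/log
tmpfs               398336      752    397584       1% /run
EOF
}

# Mail one report listing every filesystem above the threshold.
check_disks() {
    report=$(df -P | over_threshold "$THRESHOLD")
    if [ -n "$report" ]; then
        printf 'Filesystems above %s%%:\n%s\n' "$THRESHOLD" "$report" |
            mail -s "Disk Space Alert in $(hostname)" "$MAIL"
    fi
}

# Only check and send mail when called with --check (assumed argument name).
if [ "${1:-}" = "--check" ]; then
    check_disks
fi
```

To schedule it, the crontab line would call the script with `--check` appended.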